x/group-based-policy
Code Issues Proposed changes

Propagate allowed address pairs to head of the chain

Browse Source 
Closes-Bug: 1593891
Change-Id: I518d5f72c6bd4ed03c70a29a34ba2c500750f1b6
This commit is contained in:
Ivar Lazzaro 2016-06-17 15:16:10 -07:00
parent aab00f8688
commit cc6141a1b2
2 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py
View File

@ -432,7 +432,8 @@ class ApicMappingDriver(api.ResourceMappingDriver,
context, ptg['proxied_group_id']) context, ptg['proxied_group_id'])
for port in self._get_ptg_ports(proxied): for port in self._get_ptg_ports(proxied):
extra_map['extra_ips'].extend( extra_map['extra_ips'].extend(
[x['ip_address'] for x in port['fixed_ips']]) [x['ip_address'] for x in port['fixed_ips'] +
port.get('allowed_address_pairs', [])])
(fips, ipms, host_snat_ips) = ( (fips, ipms, host_snat_ips) = (
self._get_ip_mapping_details( self._get_ip_mapping_details(
context, port['id'], l3_policy, context, port['id'], l3_policy,
@ -546,7 +547,8 @@ class ApicMappingDriver(api.ResourceMappingDriver,
for port in ports: for port in ports:
# Whenever a owned address belongs to a port, steal its FIPs # Whenever a owned address belongs to a port, steal its FIPs
if owned_addresses & set([x['ip_address'] for x in if owned_addresses & set([x['ip_address'] for x in
port['fixed_ips']]): port['fixed_ips'] + port.get(
'allowed_address_pairs', [])]):
fips_filter.append(port['id']) fips_filter.append(port['id'])
fips = self._get_fips(context, filters={'port_id': fips_filter}) fips = self._get_fips(context, filters={'port_id': fips_filter})

17
gbpservice/neutron/tests/unit/services/servicechain/ncp/test_tscp_apic_mapping.py
View File

@ -995,6 +995,15 @@ class TestProxyGroup(ApicMappingStitchingPlumberGBPTestCase):
name="ptg1")['policy_target_group'] name="ptg1")['policy_target_group']
pt1 = self.create_policy_target( pt1 = self.create_policy_target(
policy_target_group_id=ptg['id'])['policy_target'] policy_target_group_id=ptg['id'])['policy_target']
data = {'allowed_address_pairs':
[{'ip_address': '170.166.0.1'},
{'ip_address': '170.166.0.2'}]}
# Create EP with bound port
port = self.driver._update_port(context.get_admin_context(),
pt1['port_id'], data)
self.assertEqual(['170.166.0.1', '170.166.0.2'],
[x['ip_address'] for x in
port['allowed_address_pairs']])
self._bind_port_to_host(pt1['port_id'], 'h1') self._bind_port_to_host(pt1['port_id'], 'h1')
pt2 = self.create_policy_target( pt2 = self.create_policy_target(
policy_target_group_id=ptg['id'])['policy_target'] policy_target_group_id=ptg['id'])['policy_target']
@ -1043,7 +1052,8 @@ class TestProxyGroup(ApicMappingStitchingPlumberGBPTestCase):
# Verify extra addresses # Verify extra addresses
ips = self._get_pts_addresses([pt1, pt2]) ips = self._get_pts_addresses([pt1, pt2])
self.assertEqual(set(ips), set(mapping['extra_ips'])) self.assertEqual(set(ips + ['170.166.0.1', '170.166.0.2']),
set(mapping['extra_ips']))
self.assertEqual(ptg['tenant_id'], mapping['ptg_tenant']) self.assertEqual(ptg['tenant_id'], mapping['ptg_tenant'])
self.assertEqual(1, len(mapping['ip_mapping'])) self.assertEqual(1, len(mapping['ip_mapping']))
# No SNAT subnet # No SNAT subnet
@ -1078,8 +1088,9 @@ class TestProxyGroup(ApicMappingStitchingPlumberGBPTestCase):
context.get_admin_context(), context.get_admin_context(),
device='tap%s' % proxy_gw_failover['port_id'], host='h2') device='tap%s' % proxy_gw_failover['port_id'], host='h2')
self.assertEqual( self.assertEqual(
set(ips), set(mapping['extra_details'][master_port['mac_address']][ set(ips + ['170.166.0.1', '170.166.0.2']),
'extra_ips'])) set(mapping['extra_details'][master_port['mac_address']][
'extra_ips']))
self.assertEqual( self.assertEqual(
[{'mac_address': master_port['mac_address'], [{'mac_address': master_port['mac_address'],
'ip_address': master_port['fixed_ips'][0]['ip_address'], 'ip_address': master_port['fixed_ips'][0]['ip_address'],